1. Home
  2. Credit card of tomorrow: software, not plastic

Credit card of tomorrow: software, not plastic

[email protected] (News Network)
April 3, 2014

Apr 3: Since the 1970s, paying with plastic has been pretty standard everywhere: customers swiped their cards, signed receipts and took home their purchases.

Credit_cardBut after security breaches at Target late last year led to the loss of personal data from as many as 110 million customers, the financial industry is racing to adopt technologies that will alter that decades-old ritual. Driven largely by security concerns, credit card companies and issuers say they are working to make the system as consumers know it obsolete through smart chips and advanced computer programming.

To many, it is about time. The roots of the magnetic strip on credit cards extend back to World War II, ample time for thieves to learn to hack and steal those black lines of prized account information. Credit card fraud totalled nearly $5.3 billion in the United States alone in 2012, giving the industry plenty of incentive to devise a better system. The amount lost to fraud continues to grow by 30 to 50 per cent a year, according to estimates from the Aite Group, a research company.

Efforts to bolster card security were underway well before hackers broke into the systems of Target, Neiman Marcus, Michaels and other store chains. But the recent data breaches injected new urgency into adopting newer technology. “I think this will become a defining moment about how we in the industry think about security,” said Eileen Serra, the chief executive of Chase Card Services.

The credit card industry, especially in the United States, has long relied on increasingly sophisticated analytical programmes to weed out potentially fraudulent transactions. But it has also focussed on a handful of technologies it contends will better protect customers in stores and online. One is placing microprocessors onto cards, a standard known as EMV for its initial backers: Europay, MasterCard and Visa. Another is known as tokenisation, a way of masking consumers" card information over the Internet. “It"s about taking vulnerable data out of the merchant environment,” said Ellen Richey, Visa"s chief legal officer.

EMV is the best-known technology. Such cards are embedded with smart chips authenticating that their bearers are their rightful users. The chip is also extraordinarily difficult for thieves to counterfeit. Cardholders verify the transaction with a PIN or a signature. Though the latter is less secure, it will likely be more prevalent in the United States at first, though Chase and others expect to offer chip-and-PIN cards this year.

Europe and parts of Asia have already used the system for the better part of a decade, while American merchants and issuers have balked, largely because of cost. Chip-equipped cards cost an estimated $1.30 each to make, while a standard plastic card with a magnetic stripe on the back costs roughly 10 cents. Retailers, too, have been loath to update their systems to accept chip technology because of the added cost.

“EMV is going to cost billions of dollars to implement in this country,” said Shirley W Inscoe, an analyst at the Aite Group. But research suggests that the system works. In 2005, when Britain fully phased in the EMV technology, credit counterfeit card fraud was 25 per cent; such fraud plummeted to 11 per cent seven years later, according to the Aite Group.

Visa, MasterCard and American Express all announced road maps for adopting smart chips more than a year and a half ago, with the aim of forcing most retailers and issuers to put EMV in place by October 2015 in the United States. By then, the liability for any counterfeit fraud will fall on whoever has not adopted the chip technology (gas stations and ATMs will have until 2017 to meet the new requirements.)

From 17 million to 20 million chip cards have been issued in the United States, according to the Smart Card Alliance, an industry group. But that represents just 2 per cent of the one billion cards in use. In many ways, the chip technology is already decades old. It has been around since the 1990s, born in an era before the Internet and widespread e-commerce.

Industry officials concede that such technology would not have prevented the data breach at Target, or any sort of online fraud in which thieves obtained lists of customers" credit card numbers. Markets where EMV has been adopted have shown a significant increase in Internet fraud. That is a gap that tokenisation is meant to fill.

The technology works behind the scenes of a digital transaction: customers still put in their card number, but software then transforms that information into a one-time token — a randomly generated code — that is sent through the payment-processing chain. Thieves who intercept the code can do little with it without the means to unscramble the token.

To many in the industry, part of the technology"s appeal is that it requires less upheaval than EMV customers still put in card information as they always have. And the digital tokens are largely in the same format as traditional card numbers, but mask identifying information.

“Now you don"t have personal information around the world,” Serra said. “With tokenisation, we can keep that data much more secure.” The hope of digital tokens is that they will not be confined to any one way of paying. Websites, digital wallets and mobile devices could all use the technology, broadening its utility. “Every device should have the same foundation,” Ed McLaughlin, MasterCard"s chief emerging payments officer, said.

Token technology

Still, for years token technology lacked the sort of universal standard that underpins chip cards. But in recent months, a joint venture of Visa, MasterCard, American Express and others announced a proposed framework to ensure that everyone was on the same page. At least two of the five biggest card issuers in the United States are adopting some form of tokens, Inscoe said.

A framework for token systems is still being built, and meaningful adoption is years away, said Randy Vanderhoof, the executive director of the Smart Card Alliance. For now, chip cards will help eliminate the most obvious and pressing kinds of fraud. “If your boat is leaking in multiple places, and you can"t plug them all up at the same time, you plug the biggest one first,” Vanderhoof said.

Ultimately, while physical cards will remain in use for some time, many in the industry predict plastic as the primary way to pay will give way to digital wallets embedded in smart phones, tablets and other devices. MasterCard is already testing a way for Australian consumers with Samsung Galaxy S4 phones to pay using their phones.

Smart chips and tokens eventually will be embedded in an array of computers, providing multiple layers of security, Mr McLaughlin of MasterCard said. A consumer"s smartphone will not only have a unique ID, it will also generate one-of-a-kind tokens for every transaction — ones that can easily be disabled if the phone is lost or stolen. “The mag stripe will become functionally obsolete,” Richey of Visa said. “Mobile will take over.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
March 16,2020

While Google is still working on a coronavirus screening and tracking website, Microsoft Bing team has already launched a web portal for tracking COVID-19 infections worldwide.

The website, accessible at bing.com/covid, provides up-to-date infection statistics for each country.

The COVID-19 Tracker currently lists 168,835 as total confirmed cases, 84,558 active cases, 77,761 recovered cases and 6,516 deaths.

There are at least 3,244 confirmed cases of novel coronavirus in the US and at least 61 deaths.

"Lots of Bing folks worked (from home) this past week to create a mapping and authoritative news resource for COVID19 info," Michael Schechter, General Manager for Bing Growth and Distribution at Microsoft, was quoted as saying in a ZDNet report on Sunday.

An interactive map allows site visitors to click on the country to see the specific number of cases and related articles from a variety of publishers.

Data is being aggregated from sources like the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and the European Centre for Disease Prevention and Control (ECDC).

Microsoft announced the website two days after US President Donald Trump said Google has begun working on COVID-19-related portal for US citizens.

Google's website is being built by Verily, a subsidiary of Alphabet focused on healthcare services.

"More than 1,700 engineers are currently working on the site", Trump said during a press briefing last week.

The tool will triage people who are concerned about their COVID-19 risk into testing sites based on guidance from public health officials and test availability.

Initially, there was some confusion on Google's coronavirus portal but the company later announced that it is "partnering with the US Government in developing a nationwide website that includes information about COVID-19 symptoms, risk, and testing information."

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 28,2020

The US space agency has thrown open a challenge to win over Rs 26 lakh, calling the global community to send novel design concepts for compact toilets that can operate in both microgravity and lunar gravity.

NASA is preparing for return to the Moon and innumerable activities to equip, shelter, and otherwise support future astronauts are underway.

The astronauts will be eating and drinking, and subsequently urinating and defecating in microgravity and lunar gravity.

NASA said that while astronauts are in the cabin and out of their spacesuits, they will need a toilet that has all the same capabilities as ones here on Earth.

The public designs for space toilet may be adapted for use in the Artemis lunar landers that take humans back to the Moon.

"Although space toilets already exist and are in use (at the International Space Station, for example), they are designed for microgravity only," the US space agency said in a statement.

NASA's Human Landing System Programme is looking for a next-generation device that is smaller, more efficient, and capable of working in both microgravity and lunar gravity.

The new NASA challenge includes a Technical category and Junior category and the last date to send designs is August 17.

NASA's Artemis Moon mission will land the first woman and next man on the lunar surface by 2024.

The Artemis programme is part of America's broader Moon to Mars exploration approach, in which astronauts will explore the Moon and experience gained there to enable humanity's next giant leap, sending humans to Mars.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 22,2020

Kochi, May 22: During the nationwide COVID-19 lockdown, Kerala recorded the highest number of cyber attacks followed by Punjab and Tamil Nadu, a study by anti-virus software firm K7 Computing said on Thursday.

In a statement issued in Chennai, the company said its K7 Computing's Cyber Threat Report, a comprehensive analysis of cyber attacks during the lockdown has found that Kerala recorded the highest number of cyber attacks during this period. The report analyses various cyber attacks within India during the pandemic and reveals that threat actors targeted the state with COVID-themed attacks aimed at exploiting user trust.

In Kerala, regions like Kottayam, Kannur, Kollam, and Kochi saw the highest hits with 462, 374, 236, and 147 attacks respectively, while the state as a whole saw around 2,000 attacks during the period - the highest thus far in the country.

This was followed by Punjab with 207 attacks and Tamil Nadu with 184 attacks, the company said.

The sudden surge in the frequency of attacks witnessed from February 2020 to mid-April 2020 indicates that scamsters across the world were exploiting the widespread panic around coronavirus at both the individual and corporate level.

These attacks aimed to compromise computers and mobile devices to gain access to users' confidential data, banking details, and cryptocurrency accounts.

The key threats seen during this period ranged from phishing attacks to rogue apps disguised as COVID-19 information apps that targeted users' sensitive data. Phishing attacks were noticed more in Tier-II and Tier-III cities while the metros fared better. Smaller cities saw over 250 attacks being blocked per 10,000 users.

Users from Ghaziabad and Lucknow seem to have faced almost 6 and 4 times the number of attacks as Bengaluru users.

According to the statement, a majority of the recorded attacks were phishing attacks with sophisticated campaigns that could easily snare even the most educated users. These attacks were aimed at heightening users' fears and creating a sense of urgency to take action.

K7 Labs noticed phishing attacks where scamsters posed as representatives of the United States Department of Treasury, the World Health Organization (WHO), and the Centres for Disease Control and Prevention (CDC), the company said.

Users were encouraged to visit links that would automatically download malware on the host computer such as the Agent Tesla keylogger or Lokibot information-stealing malware, infamous banking Trojans such as Trickbot or Zeus Sphinx, and even disastrous ransomware.

Other attacks included infected COVID-19 Android apps like CoronaSafetyMask that scam users with promises of masks for an upfront payment; the spyware app Project Spy; and seemingly genuine apps that are infected with dangerous malware like banking Trojans such as Ginp, Anubis and Cerberus.

"Covid-19 has created an ideal situation for various threat actors to target individuals and enterprises alike. The panic caused by the stringent lockdown measures and rapid spread of this virus has left many people looking for more information on the situation," J. Kesavardhanan, Founder and CEO of K7 Computing was quoted as saying in the statement.

"Threat actors exploit this fear to their advantage and scam users into downloading malicious software and divulging sensitive information like banking codes. The need to be cyber cautious has never been greater. This is more so in the case of corporates who have adopted a work from home policy hurriedly without adequate cyber hygiene. We have seen an increase in attacks on enterprises and SME employees as well," he added.

Such attacks are expected to continue till normalcy returns. Social engineering attacks targeted at winning users' trust will gain momentum.

Healthcare institutions, well-known government offices, and international organisations will continue to be a prime target throughout the pandemic, the statement said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.